package com.basic.hellorabbit.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;

/**
* @Description:    Spring Security接口测试
* @Author:         Joe
* @CreateDate:     2020/3/22 12:53
*/
@RestController
//@EnableGlobalMethodSecurity(prePostEnabled = true)//启动下面的@PreAuthorize作用
public class SecurityController {

    @RequestMapping(value = "/",method = RequestMethod.GET)
    public String testno(){
        return "没有被拦截的";
    }

    @RequestMapping(value = "/testSecurity",method = RequestMethod.GET)
    public String testSecurity(){
        return "hello Security";
    }

    /**
     * 只有ADMIN可以访问
     * 角色+权限访问：ROLE_
     * @return
     */
    //@PreAuthorize("hasRole('ROLE_ADMIN')")
    @RequestMapping(value = "/testRole",method = RequestMethod.GET)
    public String testRole(){
        return "hello This is role welcome testRole";
    }

    /**
     * @return
     */
    //@PreAuthorize("#id<10 or principal.username.equals(#username) and #user.username.equals('root1')")
    //@PostAuthorize("returnObject%2==0") //方法调用完成后进行权限检查的
    //@RequestMapping(value = "/testallRole",method = RequestMethod.GET)
    //public Integer testallRole(Integer id, String username, User user){
     //   return id;
    //}

    /**
     * @return
     */
    //@PreFilter("filterObject%2==0") //对集合类进行调用
    //@PostFilter("filterObject%4==0") //对集合类的返回值
    //@RequestMapping(value = "/testallRole2",method = RequestMethod.GET)
    public List<Integer> testallRole2(List<Integer> ids){
        return ids;
    }
}
